squid:S1068 lombok: Unused "private" fields should be removed

6,686 views
Skip to first unread message

Hilal Emeksiz

unread,
Apr 18, 2018, 5:35:33 AM4/18/18
to SonarQube

Hello 
sonar-java-plugin-5.1.0.13090.jar and sonar 7.0  versions are used.

A major bug (attached):Unused "private" fields should be removed is our case. Lombok is used , not all of the projects are maven.
In previous versions of sonar-java-plugin, it is said that the issue is resolved. (https://github.com/SonarSource/sonar-java/pull/102)
However we came across.

Is the solution valid for version sonar-java-plugin-5.1.0.13090.jar ?
Or do we get  error because we didn't set the parameters below. our project folder hierarchies may differ so, we may not be able to set these parameters as general as below.Thank you.


sonar.java.binaries=target/classes
sonar.java.libraries=target/dependency/*.jar

Hilal Emeksiz

unread,
Apr 18, 2018, 6:57:49 AM4/18/18
to SonarQube


18 Nisan 2018 Çarşamba 12:35:33 UTC+3 tarihinde Hilal Emeksiz yazdı:

Hello 
sonar-java-plugin-5.1.0.13090.jar and sonar 7.0  versions are used.

A major bug (attached):Unused "private" fields should be removed is our case. Lombok is used , not all of the projects are maven.
In previous versions of sonar-java-plugin, it is said that the issue is resolved. (https://github.com/SonarSource/sonar-java/pull/102)
However we came across.


Is the solution valid for version sonar-java-plugin-5.1.0.13090.jar ?
Or do we get  error because we didn't set the parameters below. our project folder hierarchies may differ so, we may not be able to set these parameters as general as below. In addition, in bitbucket we do not store  compiled code  (target/classes) Thank you.


sonar.java.binaries=target/classes
sonar.java.libraries=target/dependency/*.jar

Michael Gumowski

unread,
Jun 8, 2018, 3:56:29 AM6/8/18
to Hilal Emeksiz, SonarQube
Hello Hilal,

As you already mentioned in your message, in order to remove these issues, you will definitely need to enter the sonar.java.binaries and sonar.java.libraries properties.

In order to work correctly, the SonarJava analyzer requires access to bytecode of all the files from your project, as well as the bytecode of the libraries being used in your project. If not fed or misconfigured, then the analysis will report wrong issue and False Positives, like in your case.

Now, even if you don't store compiled code (which is expected), we expect SonarQube analysis to be triggered during Continuous Integration or build phases, where the project is built and tested. At this time, compiled code should be available (as well as results of tests and code coverage measure, if needed).

Hope this helps,
Michael



--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/267f1f9b-c2c6-4315-949c-587d49e00c29%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Michael Gumowski | SonarSource
Software Developer, Language Team
https://www.sonarsource.com
Reply all
Reply to author
Forward
0 new messages